Would love to discuss voice searches and voice control on a future episode, so if you’re an “expert” please contact me.

Today’s topic – You are Responsible for Updating Your Technology

In the last month, I’ve had to do the following:

Rescued three websites from obvious hacking

Two were hijacked by an out-of-date WordPress plugin and dozens of fake blog posts linking to a casino were placed on the sites.

One was using a password created several years ago and the FTP was compromised, with THOUSANDS (over 50k) of web pages created, uploaded and indexed by Google.

The new index.php page and the rest of the fake pages were the only ones showing up in Google searches because they dominated the site’s index.

About six months ago I got a call that a WordPress site built over five years ago had NEVER been updated, and had now stopped working.

That required updating WP, finding out which, if any, of the existing plugins would still work with the new WP, and finding alternate solutions for plugins that were outdated, un-updatable, or costly to upgrade.

Two months ago I worked on a computer that was full of malware. The client was still running Windows XP and didn’t want to update. Windows XP was abandoned by Microsoft in April 2014, meaning there was no further development on the operating system, so any security holes found after that stay unpatched.

In all cases, there was a massive cleanup, one new install of WP, and a complete forced re-indexing of the website by Google and other search engines.

ALL of these could have been avoided if the core functions had been maintained. By following just a few steps, your computer, phones and other devices can stay up to date and minimize the danger of being compromised.

Remember, criminals will almost always take the low-hanging fruit, like the computer not updated in over 5 years, the WordPress site with outdated plugins, or the FTP password that hasn’t changed in half a decade.

A word of warning… updates can sometimes fail, and even cause larger issues. BACK UP YOUR DATA before running updates, or just in general. However, the risk of something bad happening during an update is nothing compared to the possible issues that can happen by running an out-of-date system.

WordPress and Other Websites

Back up everything on a regular basis – Always have a way to reset if something bad happens, even if you lose some data.

Turn on automatic updates for plugins and incremental WordPress updates.

Use a service to update multiple sites if needed.

Turn on notifications for major WordPress or theme releases, and run them after you back up, update plugins and prepare for possible downtime.

Also change your FTP and Cpanel passwords on a regular basis, or when someone leaves the organization.

Windows Computers

Back up on a regular basis. Services like Dropbox, OneDrive, Google Drive and others offer cheap, or even free secure cloud services that will back up your data.

Turn on automatic updates in the control panel. This will run in the background, and prompt to reboot when larger updates appear.

If you can update your operating system to at least Windows 8.2 you will at least be receiving regular security updates. There was a time you could have updated to Windows 10 for free, but you most likely missed that if you’re still running an older version.

Keep your software like browsers, office software and other major applications like Photoshop and others up to date by regularly checking, or selecting auto-updates if prompted.

Mobile Devices

Back up on a regular basis (notice a theme here?). Most carriers have this available, but you can keep your music in the cloud, photos backed up to Google Photos for free, contacts saved to Gmail or Gsuite, again for free, and other data can use Dropbox, Carbonite and other services.

Go into the Play Store or Updates on your mobile device and click Update All on a regular basis.

Always accept operating system updates when prompted, as long as your device is properly charged or connected to a power source and you have the time needed to complete the update. Do a full reboot once in a while to clear the device and also to re-engage auto-updates when the phone reaches back out to the carrier or app store.

Updates are an easy way to keep your site and devices secure. Criminals are looking for the easy targets when you’re dealing with electronic crime, so stay on top of your systems and update regularly.

Three executives sold stock. On 8/1 and 8/2 the CFO and two other execs sold $1.8 million in stock, which dropped over 10% on the announcement. Equifax claims the officers had no knowledge of the hack.

Your information could be in Equifax because they gather information on nearly everyone to sell to credit checking agencies. It knows everything about your credit cards, bank accounts, mortgage, auto loans, everything.

The website to find out if you’re affected has some issues

Stock WordPress

Site was flagged by OpenDNS as a potential phishing site

WHOIS showed domain wasn’t owned by Equifax

Site asked for six of nine numbers of social security number

Can state you’ve been breached using some test info… I believe this is residual from testing, but could show a larger issue.

What to do

Can check to see if you’re affected

Be advised the FREE service may turn into a PAID version after a time

Also, read the T&C’s on what rights you are giving up before you agree… Rumors of being limited on legal actions against Equifax. It’s now being reported that the verbiage has been removed, so you are NOT giving up legal rights.

Don’t forget to send us any suggestions for apps to review or people to interview. And subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio. And as always, leave the technical stuff to us!

In this episode we talk with Scott Wild from NISC about the budget and organizational steps in planning and developing a new website, the upcoming iPhone, and Twitter Night Mode

BBP : Episode 53 – Scott Wild Talks About Planning a New Website

Scott Wild, the Onboarding & Employee Engagement specialist at NISC and owner of the Wild Trivia Tour, joins the podcast to talk about planning and budgeting for a new website. Scott and I have done several podcasts and other projects together in the past, including working for the same advertising agency in the same role a few years apart, so there’s no one I trust more when it comes to planning and pulling out the steps for a new site.

Let’s Start with the Basics

Websites are now the storefront of most businesses. It used to be billboards, newspapers and then television ads, but now many consumers find you online. So it’s important to have a user-friendly site that funnels potential clients through the buying experience. It’s not unlike how grocery and department stores are set up in that you walk through the store to get essentials, then back through everything again before being shown the “add-ons” at the checkout. You should find out what your visitors want, get them there quickly, then take them through the desired path while still serving their needs.

Planning Meetings : planning up front will decrease development time (and therefore cost) and get you the site you want.

Who is the audience(s)?

For each audience, “where do they itch?” Or what do they want/need to find on your site?

What do you want them to do right now? What’s the call to action?

Development

What CRM? WordPress? Drupal? A specialized CRM that’s built for your industry? Custom build? What’s the best fit for your business or organization?

Hosting

There are many criteria for hosts including cost, operating systems, server specs, bandwidth speed and limitations, and many, many more.

Choosing a good host can be a determining factor when Google and other search engines rank your site.

Social Media sites like Facebook, Twitter, LinkedIn and YouTube are critical in sending good traffic back into your website. Use them correctly and often.

PPC – We didn’t really talk about this on the podcast, but a good Google AdWords or LinkedIn campaign can be a great way to generate leads

If you really want to make a splash, there are large volume marketing pieces like Spotify or other campaigns that can be fired up, but most have a minimum spend.

Security

Make sure the site is backed up and has some security apps or plugins monitoring the site. This is critical when, not if, something bad happens.

There were so many other items to discuss on this podcast, but in many cases it’s better to discuss in person or over the phone. If you have questions on developing a new website, or would like to discuss in more detail, please call 701-214-6271 or contact BeBizzy Consulting and let’s find out how we can drive more customers to your website.

EPISODE 50!! AND, it’s our one year anniversary. So all around a big day for the BeBizzy Break Podcast!

In this episode we talk about what NIST has recommended for a new password strategy.

BBP : Episode 50 – Change Your Passwords… Again

First of all, congratulations to Dana and her team at the North Dakota Recreation and Parks Association on their new website. We launched http://NDRPA.com earlier this week. It’s a WordPress site with a calendar, subpage navigation and more. Check it out!

Also, I rescued two websites earlier this week from hacking. I’ll use this as my weekly reminder for all of you to back everything up. Websites, databases, financial information, personal photos… everything. Better to put a little bit of prevention and spend a little bit of money now than pay a bunch of money to possibly recover (or worse, possibly NOT recover) lost data.

Passwords

Back in 2003, Bill Burr (not the comedian) was a mid-level manager at NIST, the National Institute of Standards and Technology. They recommend standards on all sorts of things like official weight calibration, timing, and even technology guidelines like passwords. In 2003, Burr published NIST Special Publication 800-63 Appendix A, which spelled out the proper guidelines for creating and managing secure passwords on websites and networks. Those guidelines are still followed today.

The standards included a long password (8-12 characters), upper and lower case alphabet characters, numbers, special characters, and randomness. Sounds like every website you sign up for, doesn’t it?

But now, Mr. Burr has stated that in regards to this document and policy, “Much of what I did I now regret.” That’s an unfair statement by Bill. Back in 2003, we didn’t have much history of what computer network security was, and we definitely didn’t have the case studies of what criminals and mischief-makers would do to gain access to computer networks. All of his recommendations sounded solid, and while possibly flawed, are still in use today.

What NIST and computer analysts are finding though is humans always find an easy way to get around something tough, and frankly secure. The requirements would allow a user to create a seemingly random password like “Pa5sW0rD”. You and I both know that says “PaSsWOrD”, but the computer sees it matches Burr’s recommendations.

So, when it comes time to update the password because of time requirements placed by the system administrators, or a data breach, instead of creating a new, secure password, often we add something simple to it. “Pa5sW0rD” becomes “Pa5sW0rD1”, the “5” and “s” switch places, or something simple like that which is easy to remember but still meets Burr’s recommendations.

Well the computer hackers have also figured out our shortcuts and have added some smarts into their password cracking to test out some of these easy switches. And it’s working.

In June 2017, NIST published a new version of NIST Publication 800-63, which outlines a very different recommended password architecture. What started out as a project to simply review and slightly revise Burr’s policy recommendations became an eye-opening look into how users and criminals were using passwords. And results came back with a HUGE change in password policy.

Instead of a hard-to-remember, cryptic password, it was instead recommending four or five easy to remember words all pressed together. This is easy for the user to remember, change and use, and tough for the computer hackers to crack due to the length and randomness of the password.

A cartoon on XKCD.com drawn by Randall Munroe estimated that a password created using Burr’s methods, “Tr0ub4dor&3” would take only three days to crack using current methods. A password of four words all mixed together would take 550 years. That password was “correcthorsebatterystaple.” Which one do you think is easier to remember, and change? And if you DO need to change the password, which is now only recommended in the event of a data breach or similar event, you can swap out an entire word instead of just adding a “1” or “!” to the password.

It will be interesting to see how this is adapted and implemented across websites and networks. Most rules won’t allow a password, regardless of length, that doesn’t contain numbers, special characters and upper/lower case, so there are a lot of things that have to change for these guidelines to become common, but it makes sense.
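What a sign-up or password-change form built along these lines could check, using the post's own “Pa5sW0rD” examples. This Python is an added example, not code from NIST or from this post; the tiny blocklist and the substitution table are constructed, and the 28-bit and 44-bit entropy figures and the rate of 1,000 guesses per second are taken from the XKCD comic, which is where its "three days" and "550 years" come from.

```python
import re

MIN_LENGTH = 8  # SP 800-63B minimum length for a user-chosen password

# Constructed stand-in for a real list of common or breached passwords.
BLOCKLIST = {"password", "letmein", "qwerty", "welcome", "12345678"}

# Substitutions people use to satisfy "number and symbol" rules.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def normalize(password):
    """Undo the usual shortcuts: case, a trailing "1" or "!", and leetspeak."""
    lowered = password.lower()
    # Strip trailing digits/punctuation; keep the input if nothing else is left.
    core = re.sub(r"[\d\W_]+$", "", lowered) or lowered
    return core.translate(LEET)


def check_password(new, previous=None):
    """Return a list of problems; an empty list means the password is accepted.

    `previous` is the old password as typed by the user on the change form.
    No upper/lower/digit/symbol composition rule is applied.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if {new.lower(), normalize(new)} & BLOCKLIST:
        problems.append("common password or a simple variation of one")
    if previous is not None and normalize(new) == normalize(previous):
        problems.append("trivial change from the previous password")
    return problems


def days_to_guess(entropy_bits, guesses_per_second=1000):
    """Days needed to try every candidate at the comic's assumed guessing rate."""
    return 2 ** entropy_bits / guesses_per_second / 86400


if __name__ == "__main__":
    samples = [("Pa5sW0rD", None), ("Pa5sW0rD1", "Pa5sW0rD"),
               ("correcthorsebatterystaple", None),
               ("correcthorsebatterylantern", "correcthorsebatterystaple")]
    for new, old in samples:
        print(new, "->", check_password(new, old) or "accepted")
    print(round(days_to_guess(28), 1), "days vs",
          round(days_to_guess(44) / 365.25), "years")
```

In production the blocklist would be a large list of common and breached passwords rather than five entries.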

Do you have thoughts on this or anything else technology related? Let me know on Twitter or at BeBizzy.com!

Google Business Listing – Make sure you use an email address owned by the company to create and manage the business listing. By not doing this, I’ve seen the process become very involved just to change the hours of operation.

Google Analytics – Same as above… use an email address belonging to the business to create this account. We’ve had an issue where we could not move an account to a client and therefore couldn’t use the existing account to manage everything without creating a new Analytics account.

Social Media – Picture this… you fire the employee in charge of social media. They created YOUR page with THEIR account, and therefore “own” it. Now, in order to make sure that previous employee doesn’t post negative information, or simply for you to continue to post as your business, you have to go to them and have them transfer ownership. Awkward! Create your own social media pages/accounts, and invite others to contribute. Then you can manage who gets access.

Domain Names and SSL’s – Your domain name is one of the first things potential customers can see. If you don’t technically “own” it, then moving it can be a long, and sometimes impossible process. Lease your own domain names and SSL certificates to make sure you know when they are up for renewal, and can easily change everything in the event you move or change hosting.

If you currently don’t own your digital business presence or properties, my suggestion is to get them as soon as you can. You never know when your current vendor will be leaving the business space, you lose critical employees, or even if YOU are planning on selling and need to transfer ownership.

Need some help getting this handled? Contact BeBizzy Consulting at 701.214.6271 or at BeBizzy.com and I’ll be happy to help you out!

Have any questions or suggestions for future podcasts? Leave them below, or send them to me @BeBizzy on Twitter!

I hate printing.

PC Load Letter…?

More than most anything else in running my own businesses, paper drives me nuts.

Now I know this makes me a bit out of the ordinary. Most people still default to notepads, post-it notes, or random pieces of paper to keep short reminders, meeting notes, and ideas, but maybe it’s time for you to buckle down and think about using your technology to do this job, and de-clutter your life and business.

Things You Probably Need To Print

There are some things in business that you might need to print, unfortunately.

Contracts

Invoices for Clients

Meeting Agendas

Print these if you must, but try to use tools like Docusign for contracts, email invoices from your accounting software for invoicing, and email or other electronic means for meeting agendas if possible.

Why Digital Instead of Print?

Like most controversial subjects, humans are looking for justification on why to do this process instead of just doing it like we’ve “always done it.” Need a few reasons to use digital instead of print? Here you go!

Offsite Backups – Fire, water, carelessness, etc can ruin your print documents. Digital files can be secured and backed up in several locations in case there’s a catastrophic event.

Searchable – Ever tried searching for a term or keyword in piles of paper? How about searching on the internet? Way easier to just type in what you want and have a few documents presented to you, isn’t it?

Accessible By Multiple Devices – Get to a document with your laptop, phone, tablet, or really anyone else’s device, all protected by login credentials.

Share or Limit Access to Files – Pretty much anyone can get into a general access filing cabinet. So that means you need MORE cabinets saved in secure areas like the accounting office, C-level suite, or possibly even another room. Digital files can be locked down to a single user, keeping access as secure as possible. On the flip side, if you need to share with multiple users a document can be shared across the network with anyone you wish.

Avoid the Day-To-Day Paper Mess

Ok, so it’s apparent that moving to paperless is a great method to clean up the office and become more efficient. How about some tools that will help you do this?

Storage – The first thing you need to do is determine how you are going to store and share the documents. If you want to keep everything contained in your network, you can use your internal server to do this. But if you want the advantages of outside accessibility you might consider using a cloud storage.

Backup/Security – Of course a big concern is security and backups of the data. Most of the cloud services have automatic backups and recovery systems. Also, most of them have encryption either natively active or available as an add-on.

Versioning – In some cases having multiple versions of the same document is desired. This works great on marketing documents, meeting agendas, policies, or other items that require several revisions. Cloud services like Box.com have a great way of tracking versions and accessing them as needed.

Receipts – One of the biggest sources of paper for many small businesses is receipts or bills. Get them digitized and out of your filing cabinets and make them easy to sort and report. All of the tools below make it easy to scan, photograph or submit a PDF of your receipts or bills.

Track Mileage and Travel Expenses – Eventually we all have to travel for business and tracking vehicle mileage, gas, food and other expenses can be tricky, or just a pain in the butt. Luckily there are many mobile apps and computer programs to help you with keeping track of these easily.

Milebug

MileIQ

Quickbooks

Notes – The staple of business life, right? We all take notes… lots of them. And most of the time they are on legal pads or composition notebooks that contain pages and pages of random notes and meeting results. Using electronic note systems keeps these loose notes organized, searchable, and shareable. And, if you use a tablet or some smartphones, some of these applications will also allow the saving of handwritten notes.

Evernote

OneNote

Project and Task Management – Need to keep you and your team on task? You could use a whiteboard, random post-it notes, or just your brain to do this, or you could find a technology solution that meets the needs of your tasks and projects.

Outlook, Gmail and GSuite all have excellent task management tools built in.

More Tips on Avoiding Printing

Reasons digital is better than paper… check. Tools to keep me from printing… check. Now, you just need a few more tips on how to avoid using paper during the work day.

Print to PDF – Every time you would normally print a document to be placed in a filing cabinet, select Print to PDF and file it in your digital storage system.

Don’t Print Emails – I can’t think of a single reason, short of saving something offsite to maintain your innocence or proof of someone else’s guilt that you would print an email. It’s in your email, leave it there and use your other tools to

Maps – Remember the frustration and pain of using (and folding) paper maps? Heck, most people can’t even find north! Paper maps are close to obsolete the second they are printed. Use your GPS or smartphone to get where you need to go.

Faxes – If you need to fax something, first of all, yell at the company you are faxing information to. Then, after your meltdown, use a service like E-Fax to send electronic documents to their system. Odds are they have a digital service and don’t realize that the rest of us beat up our fax machines in an Office Space-like rampage.

Web Pages – Printing webpages was a pretty useful service several years ago, but now it’s just extra pieces of paper lying around. Send URLs via email, messaging systems, or share websites using apps like Pocket.

Bills – Did a bill arrive in the mail? Open it, scan it, save it in your storage location and accounting system, then put it in the shredder or trash bin… where it belongs.

Existing Paper

Finally, what should you do with the existing paper products you have in the office? You may have years of old documents, invoices, meeting notes just sitting in filing cabinets waiting patiently to be shredded when you’re ready to move or need more space. The easy solution would be to drag them out to the parking lot, gather everything up, and set it on fire. But safety, and the law, make that impractical. So your options are really down to two. Store existing paper and remove it as it becomes unneeded or obsolete. Or, scan existing paper into your new digital system.

Scanning existing paper can be an expensive solution. However, do some math on what processes could be optimized by having the old documents digitized. Could more workforce work from home or remote locations more effectively? Could you share some information with partners, vendors or other resources to make things quicker? Could you make more money, or possibly spend less by buying less equipment or renting less space by getting rid of clutter? Is having your documents in a secure, emergency-proof location attractive to you as a business owner?

Scanning services are in nearly every town. They roll up to an office with a truck to keep documents in-house for the most part, and can even provide some solutions or guidance on how to set up your digital files. And if it’s something easy like receipts, Shoeboxed offers a service where you send in your receipts, then they scan and organize them all, and you’re all set.

Stop Printing!

A paperless office might be right for you and your business. Maybe it’s time to get rid of those printing costs like paper, printer leases, toner, ink, storage and more by going all-digital. And, think of all that time you’ll save by not standing around the printer/copier waiting for your document to print!

Have any questions or suggestions on going paperless? Leave them below, or send them to me @BeBizzy on Twitter!

BeBizzy Break Podcast : Episode 39 – GSuite & Mailbird

Hosted by : Marv Dorner, owner of BeBizzy Consulting

Ever get the feeling that someone’s watching you?

That happened to me this week, as I started to look for a replacement for my Outlook replacement, Mailbird. The problem was that although I had hundreds of contacts saved in my various GSuite email accounts, there was no way to easily sync to or from GSuite. On many occasions I was either grabbing email addresses from my phone or having to log into the web interface to gather the email addresses so I could send.

Just this morning, I received an email from Mailbird claiming they had a new Contact Manager ready to roll out, all I had to do was update Mailbird, click a few things and BOOM!, contacts. The scariest part was that it worked EXACTLY like it was supposed to work, and now I don’t have to look for a new email system. Way to go, Mailbird! Check them out if you’re a GSuite or Gmail email user.

Happy World Backup Day, everyone! Well, maybe a couple days early, but we like to celebrate data backups all the time around here.

EP 35 – Happy World Backup Day!

Before we get too far, I’d like to wish a Happy 23rd Birthday to my daughter! We’ll see you this weekend and celebrate the best way you know how, by going to a hockey game!

Now, on to other important matters.

March 31 is World Backup Day. Back. Your. Data. Up. That is all…

I lied, that is NOT all. Your data is your business! Throw on top of that all your photos, your music, personal financial documents and more, and there are few things in life that would make things as difficult as recovering from a data failure.

At the VERY least, back up your data to an external hard drive or to another computer.

Personal Cloud storage devices are relatively cheap and easy to add to a home or office network.

Data companies like Dropbox and Carbonite have built a business out of managing backups for you. Check them out!

A group calling themselves the Turkish Crime Family has claimed to have stolen the passwords to 530 million Apple iCloud accounts. Time to change your passwords, kids!

If your Apple password has been stolen the thief can get access to your data, and even reset your phone.

FedEx is offering $5 for you to turn on Flash in your browsers.

Why should you NOT do that? Flash was proven to be an insecure browser extension years ago, so none of the modern browsers have it turned on by default.

FedEx needs to find a way to join the rest of us in 2017 and build a website that does not use this ancient, security-holed software.

One of the major perceived issues of WordPress sites is speed. Many WordPress sites are hosted on bargain hosting services not configured with speed (or in some cases reliability) in mind, are loaded with unnecessary plugins, and the free themes can sometimes cause a long load time.

But with a few steps your WordPress site can load many times faster than it currently does. So below are some ways to:

Speed Up WordPress With These Five Easy Steps

Hosting

Let’s start with the hosting. If you look at how a page loads you will most likely see the main response time is due to the host. Discount hosts are usually in a totally shared environment so there’s some extra equipment and scripts to run through to identify your site’s location and then direct the visitor there. Using dedicated hosting or even a VPS (Virtual Private Server) can really help this step. Some hosts will allow the addition of extra processing power, more memory and different hard drive space and types to boost your site’s response time.

Caching

Do you have content that remains fairly static on your website’s main pages? By implementing some caching plugins or scripts you can set the expiration time for images, content, and even some programming so as long as it still resides in the browser history of a user it can pull from the computer’s memory instead of downloading it again from your server. Of course they still have to pull from your server for the first visit, so implementing the other steps in this list will help as well. And if you’re on a server that limits or charges you more for bandwidth, caching can reduce cost by not repeatedly serving the same content, scripts and images over and over.

Images

Have you changed the size of your images for the web? How many times have you seen an image slowly loading into place on a page? Image resizing and compression is a great way to speed up your page and allow you to put more imagery on the site. Besides changing the physical and file sizes of images on your site with Photoshop or other tools, there are many plugins and online resources that can reduce the size of your images.

Plugins

How many inactive plugins are on your site? How many plugins are running that SHOULD be inactive on your site due to WordPress and your theme revisions? Getting rid of unused plugins is a great way to speed up, and secure, your WordPress sites, so review your installed list and take out the ones you haven’t used, or no longer need.

Minify

This process is probably the most technical of the five, but it can really speed up your site if done right. The minify process can reduce the number and size of your CSS files, javascript resources and even your theme’s HTML files to speed up how quickly they load and run. Some possible issues you can encounter are a total site crash, removal of some functionality or possibly some font changes and other small site variations, so make sure you do a complete site review as you go through the code minification process. Most plugins that do this offer a way to back out if the process causes an issue, but not all, so MAKE SURE YOU ARE BACKING UP THE SITE.

——————————-

WordPress can be a very secure, quick website CMS (content management system) that allows users to be on the web in a much shorter time than custom programming. Its easily customizable system allows users to make thousands of changes to the programming and functionality of the website, including site speed. If you run your own site, check out some of the suggestions in the list above.

It’s a widely cited fact that WordPress powers 25% of the internet’s webpages. Think about that, 25%! And nearly 60% of the sites that use a CMS (content management system).

That is the main reason it is also a target. Like the popular Microsoft Windows or Android OS, WordPress powers so many sites that if you can find a way to compromise even a small percentage of websites using the system, you can gain access to literally millions of sites.

Because of this, one of the first questions I get when I suggest using WordPress is about security. But as I stated before, criminals and people looking to do general mischief are looking for the low-hanging fruit, the easy to hit sites. So with some basic precautions, your website can be even more secure than custom HTML sites.

Making WordPress Safe

There are a few basic steps that your web developer or your company IT guy can take to secure your new or existing WordPress site. Below is a list of plugins, best practices and other items used by BeBizzy Consulting and many others to make your site as secure as possible.

Backups

Let’s start off with the most important part of the security system. If you don’t have a good backup of the site, it doesn’t matter how you set the rest up. Something WILL cause your website to fail; the webhost could suffer an attack or hardware failure, you could alter some code and break the site, or a security breach could happen directly to your site. With no backup, there’s no easy way to return to “normal,” so at a minimum do a complete backup of the site files, and don’t forget to back up the database. There are automated methods as well for this process which are highly recommended.

WordPress Updates

The easiest way to gain access to a WordPress site is through an out-of-date WordPress system. I’ve recovered sites running on 2.x (current is 4.7), and that’s a scary endeavor. WordPress puts out major releases a couple of times per year, and security patches about once a month or so to stay ahead of the pinholes that are found in WordPress. The best part is there are thousands of people who are looking at WordPress, for good and for bad, that identify issues and get them repaired. Keep your site updated and make sure your PHP version can handle the update. If not, time to move!

I also suggest turning on automatic core updates. You should be able to toggle a switch that will update WordPress automatically for “X.x.x” updates, keeping your site secure without you even trying. Just make sure you test the site when notified of an update to make sure everything is running as it should.

Plugin Updates

The next best way to gain access to WordPress is through outdated, or poorly programmed plugins. Last summer I worked on recovering a WP site that had a plugin that had not been touched by the developer in over five years. When I updated the site to a new WP version, the plugin crashed and I had to find an alternative, more updated plugin that worked close to the same. But it’s not just keeping the plugins updated, it’s keeping an eye open for poorly secured plugins as well. Do some research on a plugin before installing. Has anyone ever suffered a breach or WordPress crash after installing? What is the support like? How often do they update?

One thing that is often overlooked is deleting themes that are not being used, or aren’t even active on the site. This is extra code that has been abandoned for one reason or another, and leaving it on your website can open a hole you don’t even know is there.

A final note on plugins, themes and other items is to NOT use pirated versions of software. Most plugins are fairly inexpensive and the alternative to paying $10 for a plugin is often spending hours, or even paying hundreds of dollars to have malicious code removed from a site. Pay the $10.

Themes

Next on the list of vulnerabilities is your theme. Every WordPress site is working on a theme, whether it’s the 2016 theme that came installed or one you paid for or got for free. Again, do a little research to make sure the theme you are planning to use isn’t a known security issue, is still updated and supported, and isn’t poorly written before you install it on your site. Then, update it as soon as you get a notification it has been revised.

More Security Steps

Below are a few other steps that are taken by BeBizzy Consulting, and should be considered by your team, host, or developer to make your site as secure as possible.

Change Username

Like on a computer or virtually every other system, do not use “Admin” as your administrator username. Pick something a bit more robust and always use a secure password. Changing the password often also makes it more difficult to keep access once it is achieved.

Move The WP-Login.php Page

There are several plugins that allow you to choose a different admin login page for your site. Installing one of them and renaming your login to something less known can keep some from even trying to access your admin simply because it doesn’t exist at the usual spot.

Install a Security Plugin

Many sites have Sucuri or Wordfence installed to protect the admin and other parts of the site. Even the free versions will notify you when the admin is accessed and limit login attempts at wp-login.php, and the premium versions can lock down the admin to specific locations or IP addresses, run security scans for malicious code, and much more.

Keep Your Site Safe

There are definitely more ways to secure your WordPress site. Editing the .htaccess file, hiding WordPress from source viewers, hiding site author names, picking a good (reputable) host, automating security audits, removing plugin and theme editors and others will help keep your site safe, but do require some knowledge and planning by someone that knows their way around WordPress.

Adding an SSL to your site and hosting is also a good idea not only for encrypting data being shared back and forth with users, but also to the search engines which are starting to use it in their algorithms.

I still feel that having a good backup is THE step you have to take. If you have a restore point on which you can rely, you can move, restore or save your website pretty easily. But if you are starting from a dirty site and have to clean it, be prepared to spend either a lot of time, or a fair amount of money, to have it back up. And frankly, sometimes it’s even more cost effective to build over than to attempt the save.
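Several items from this checklist (an out-of-date core, disabled automatic updates, the built-in plugin and theme editors, leftover themes) can be checked by a script. The Python below is an added example, not BeBizzy Consulting's or WordPress's own tooling. The function names, the sample site with its 2.9.2 core and the `old-promo-theme` directory are constructed for illustration, and the latest core version and the themes in use are passed in by the caller because the active theme is recorded in the database, not on disk.

```python
import re
from pathlib import Path


def define_value(config_text, name):
    """Value of define('NAME', value) in wp-config.php, lower-cased, or None."""
    code = re.sub(r"^\s*(//|#).*$", "", config_text, flags=re.M)  # skip commented-out lines
    pattern = r"define\(\s*['\"]" + re.escape(name) + r"['\"]\s*,\s*['\"]?(\w+)['\"]?\s*\)"
    m = re.search(pattern, code)
    return m.group(1).lower() if m else None


def version_tuple(version):
    """'4.7' -> (4, 7, 0) so that releases compare numerically."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in m.group(0).split(".")] if m else [0]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_wordpress(root, themes_in_use, latest_core):
    """Return a list of findings for the WordPress install under `root`."""
    root = Path(root)
    findings = []

    # 1. Core version: WordPress records it in wp-includes/version.php.
    version_php = (root / "wp-includes" / "version.php").read_text()
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    installed = m.group(1) if m else "0"
    if version_tuple(installed) < version_tuple(latest_core):
        findings.append(f"core {installed} is behind {latest_core}")

    # 2. Background updates explicitly switched off in wp-config.php.
    config = (root / "wp-config.php").read_text()
    if (define_value(config, "AUTOMATIC_UPDATER_DISABLED") == "true"
            or define_value(config, "WP_AUTO_UPDATE_CORE") == "false"):
        findings.append("automatic core updates are disabled")

    # 3. The dashboard plugin/theme editors stay on unless this is set.
    if define_value(config, "DISALLOW_FILE_EDIT") != "true":
        findings.append("plugin/theme file editor is enabled")

    # 4. Themes on disk that the site does not use (keep a child theme's parent).
    themes_dir = root / "wp-content" / "themes"
    for theme in sorted(p.name for p in themes_dir.iterdir() if p.is_dir()):
        if theme not in themes_in_use:
            findings.append(f"unused theme installed: {theme}")
    return findings


def build_sample_site(root):
    """Write a constructed, deliberately neglected install for the demo."""
    root = Path(root)
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '2.9.2';\n")
    (root / "wp-config.php").write_text(
        "<?php\n"
        "define( 'WP_AUTO_UPDATE_CORE', false );\n"
        "// define( 'DISALLOW_FILE_EDIT', true );\n"
    )
    for theme in ("twentysixteen", "old-promo-theme"):
        (root / "wp-content" / "themes" / theme).mkdir(parents=True)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(Path(tmp) / "site")
        for finding in audit_wordpress(Path(tmp) / "site", {"twentysixteen"}, "4.7"):
            print("-", finding)
```

Run against a copy or a backup of the site files; the script only reads, so it is also safe to point at the live document root.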

Have questions about securing your WordPress site, or considering a new website? Contact BeBizzy Consulting today, and leave the technical stuff to us!